RingCentral - Seven layers of security
RingCentral gives you added peace of mind by instituting robust security measures at every level of our architecture and processes. These include the physical, infrastructure, host, data, application, and business processes, as well as the enterprise level of your organization.
Transmission security
To prevent interception of your communications, RingCentral provides Transport Layer Security (TLS) and Secure Real-Time Transport Protocol (SRTP) encryption between all endpoints.
Infrastructure security
RingCentral offers the following infrastructure safeguards:
Network and applications: firewalls and session border controllers
Administrative functions: multiple authentication levels
Technology: intrusion-detection systems and fraud analytics
Operational functions: monitoring, system hardening, and vulnerability scans
Payment processing: full PCI DSS 3.1 compliance
Physical and environmental security
The RingCentral platform is deployed across SSAE 16 and ISO 27001-audited data centers, protected by the most robust electronic prevention systems, on-site engineering specialists, and security guards. The geographic diversity of our locations also minimizes the risk of data loss and service interruption due to catastrophe.
Proactive fraud mitigation
RingCentral prevents toll fraud through access control, detection controls, and usage throttling, and gives you granular control over who gets to make international calls and to where. Plus our global security department actively monitors your account to detect irregular calling patterns and prevent fraudulent charges.
FINRA security controls
FINRA’s mission is to protect investors by making sure the United States securities industry operates fairly and honestly. RingCentral has received compliance in security controls for cloud providers established by FINRA to protect all data and information of our customers who are using RingCentral Office® and the RingCentral app (previously known as Glip®).
Compliance
We regularly undergo independent verification of our security controls to protect our customers’ data and communications and to meet regulatory and compliance needs.
SOC 2 Type 2 (SOC 2+)
The SOC 2 report validates the effectiveness of our operating controls as a service organization against the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. RingCentral annually undergoes a third-party audit to certify our services against this standard. A copy of the most recent report is available upon request from your Account Manager or Sales Representative.
SOC 3
Unlike a SOC 2 report, a SOC 3 report can be freely distributed to the public for general use. RingCentral has undergone a third-party audit to certify our services against this standard. Click here to access our SOC 3 report.
HIPAA compliance
The government does not offer a HIPAA certification for business entities. In order to meet the HIPAA security requirements as they apply to our service and operations, RingCentral has implemented the HIPAA security safeguards. We annually undergo a third-party SOC 2+ audit, which includes an assessment of controls mapped to the HIPAA Security Rule requirements, that demonstrates the implementation of the security safeguards and requirements outlined in the HIPAA Security Rule. A copy of the most recent report is available upon request from your Account Manager or Sales Representative.
HITRUST
RingCentral Office and the RingCentral app have earned Certified status for information security by HITRUST. HITRUST CSF Certified status indicates that these RingCentral apps have met industry-defined security requirements and are appropriately managing risk. RingCentral joins an elite group of global organizations that have earned this certification. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address cyber security challenges through a comprehensive framework of prescriptive and scalable security controls. HITRUST CSF Certification sets the highest standard for compliance of security requirements and has become the benchmark which organizations apply to safeguard ePHI data. Click here and here to access RingCentral’s HITRUST certifications.
Skyhigh Enterprise-Ready (McAfee Enterprise-Ready)
RingCentral Office has earned the Skyhigh’s CloudTrust™ rating of Enterprise-Ready, the highest rating possible from Skyhigh. Skyhigh provides this status to cloud services that fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.